Lucene search

CloudLinuxCLSA-2021:1629902677

HistoryAug 25, 2021 - 2:44 p.m.

Fix of CVE: CVE-2020-14058, CVE-2020-15049

2021-08-2514:44:37

repo.cloudlinux.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.7%

JSON

CVE-2020-14058: fix handling of unknown SSL errors which resulted in denial of
service
CVE-2020-15049: fix incorrect validation of Content-Length field leading to
Http smuggling and Poisoning attack

OSVersionArchitecturePackageVersionFilename
Centos6x86_64squid< 3.1.23squid-3.1.23-30.el6.cloudlinux.els.src.rpm

OS	Version	Architecture	Package	Version	Filename
Centos	6	x86_64	squid	< 3.1.23	squid-3.1.23-30.el6.cloudlinux.els.src.rpm

References

errata.cloudlinux.com/els6/CLSA-2021-1629902677.html

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for CLSA-2021:1629902677